Tuesday, January 8, 2019

ARIN may not be well known to the wider public, but it provides a crucial service which affects the Internet at large.

One of the main tasks of the non-profit organization is to distribute crucial Internet number resources, including IPv4 addresses, IPv6 addresses, and AS numbers.

These numbers are not directly allocated to individual end-users. They typically go to large companies including Google and Amazon, Internet registrars, as well as ISPs such as AT&T, Comcast, Bell, and Rogers.

For several decades these companies have maintained a voluntary Whois database, keeping track of customers assigned a large block of IP-numbers. Not the average Joe’s Internet connection, but a large university, or a hosting provider, for example.

In a letter sent to the Canadian Government as part of the Statutory Review of the Copyright Act, ARIN stresses that the Whois database is an important copyright enforcement tool.

“When copyright infringing material or other illicit content is found online, Whois is often the first point of investigation of the source,” ARIN writes.

“Law enforcement agencies and private parties with a legal interest can access the Whois database either in accordance with the registrar’s policies, or under judicial order.”

Until recently, this Whois database was kept in place by ARIN through a “carrot” and “stick” approach. Companies would regularly come back to request new IP-addresses (carrot), and ARIN would only allocate this if the Whois database was properly maintained (stick).

This has worked fine for over thirty years, but the American non-profit fears that their “stick” may no longer be as effective now things are moving to IPv6.

Since the IPv4 address pool is exhausted, companies are moving to IPv6 addresses, which are widely available. This means that these companies may not have to return to ARIN for years.

Without this pressure, these companies may neglect the Whois database, the organization fears.

“ISPs and others will be able to request large blocks IPv6 numbers and may not need to return to ARIN for replenishment for several years. As a result, ARIN will no longer have a mechanism to require compliance with maintaining up to date records of IP dispersals,” the organization writes.

“As no other regulatory or other mechanisms exist that would require this information be updated and preserved, it is likely that many organizations will rarely or never do so.”

ARIN fears that without a proper Whois database, rogue players could “wreak havoc.” That will make it harder to investigate and stop copyright infringement, as well as other illegal activity.

As such, the organization is asking the Canadian Government to “require” companies and ISPs that receive large blocks of numbers to “maintain an up-to-date registry of the assignment of internet numbers.”

In addition, the Government shoulds take legislative or regulatory action to ensure that companies which can assign internet numbers to third parties have a legal duty to keep the Whois database up to date.

ARIN recommendations

This is the first time we’ve seen ARIN getting involved in copyright enforcement discussions at this level. It will be interesting to see how their request will be received.

Whether all 5,896 ARIN members stand behind the request is doubtful. Milton Mueller, a professor at the Georgia Institute of Technology School of Public Policy and a former ARIN advisory committee member, believes that it’s a bad idea to fragment these kinds of policies on a country-to-country basis.

Mueller also questions whether most ARIN members stand behind the submission, which was apparently sent in without consulting the organization’s broader base.

“I think ARIN’s community would be shocked to see its staff inviting national governments to regulate them without any discussion or vetting of this idea within the community,” he informed The Wire Report.

Copyright holders in the United States and abroad will likely welcome the proposal though. For them, Whois data has been a hot topic over the past several months.